Manager, Technology Risk

198k – 250k · San Francisco, CA · Security Engineering · Hybrid · 8+ YOE
Summary

Senior individual contributor driving technology risk posture across security, infrastructure, and IT. Owns the Technology Risk Register, leads SOX ITGC compliance, and partners with engineering and security teams on remediation in a regulated healthcare environment.

About the role

What You’ll Do

  • Maintain and continuously refine the Technology Risk Register, documenting cyber, operational, and regulatory risks with clear ratings, owners, and mitigation plans.
  • Track and drive remediation progress across engineering and IT teams, escalating and unblocking as needed to ensure risk treatment plans meet agreed SLAs.
  • Serve as a primary interface for internal and external auditors on SOX IT General Controls (ITGC) and related technology control testing, documentation, and evidence collection.
  • Coordinate and track remediation of SOX ITGC findings, ensuring clear ownership, high-quality corrective actions, and timely closure to prevent control deficiencies and material weaknesses.
  • Partner with Security, Accounting, Legal/Compliance, and IT to ensure risk and control practices support HIPAA and other healthcare regulatory requirements.
  • Partner with Application Security, SRE, and Infrastructure teams to aggregate, prioritize, and track code vulnerabilities, penetration-testing findings, and infrastructure risks across the SDLC.
  • Analyze vulnerability trends (by system, control, and data sensitivity) to help teams focus on the highest-impact remediation work.
  • Drive consistent, high-quality documentation of risk decisions, mitigations, and compensating controls.
  • Design and maintain risk and control dashboards that provide senior leadership with clear insight into security posture, compliance status, and remediation velocity.
  • Produce recurring executive-ready reports and narratives that translate complex technical risk into clear, non-technical language for decision-makers and risk committees.
  • Recommend and refine KPIs/KRIs that measure technology risk, SOX ITGC health, and vulnerability reduction over time.

What You Bring

  • 8+ years of experience in technology risk, IT audit, cybersecurity, or information security, with recent, hands-on experience in SOX-driven or heavily regulated environments (e.g. public/pre-IPO company, Big 4 IT audit/risk advisory, financial services or healthcare).
  • Proven track record as a senior IC leading complex, cross-functional risk or compliance programs with high visibility to engineering and IT leadership.
  • Deep experience with SOX IT General Controls (design, testing, and remediation) in cloud-first environments.
  • Strong understanding of access management, change management, computer operations, and related control frameworks.
  • Comfort working in PHI-handling or similarly sensitive data environments.
  • Demonstrated ability to influence senior engineering and IT stakeholders: surface uncomfortable risks, keep discussions anchored in facts and impact, and help teams arrive at well-documented decisions.
  • Excellent relationship-builder who balances assertiveness with partnership—able to challenge, negotiate trade-offs, and still maintain trust.
  • Exceptional written and verbal communication skills; distill complex technical risk into concise, executive-ready narratives and clear action plans.

Preferred Qualifications

  • Certifications such as CISA, CISSP, or equivalent.
  • Prior Big 4 (or similar) experience in IT audit, SOX, or technology risk.
  • Experience with SOX IT General Controls and broader security frameworks.
Skills
SOX ITGC, IT audit, cybersecurity, risk management, HIPAA compliance, access management, change management, vulnerability management, penetration testing, risk register